Chat Learnings Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it analyzes user-provided chat export files, optionally sends summaries to a configured model API, and writes extracted learnings locally.

Use the default local Ollama mode for sensitive conversations. Only set OPENAI_API_KEY or OPENAI_BASE_URL if you are comfortable sending condensed chat content to that provider, and try --dry-run or --limit first to inspect behavior before writing workspace memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation indicates capabilities to read conversation exports, write results to workspace files, inspect environment variables, and optionally send data over the network, yet the metadata declares no corresponding permissions. This creates a transparency and consent problem: users and policy systems may not realize the skill can access local data and exfiltrate conversation content to external APIs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports sending exported AI conversations to OpenAI-compatible APIs but does not prominently warn that conversation exports may contain sensitive or personal data. Because the feature processes chat histories, the context materially increases the risk of privacy leakage and unintended disclosure to third-party services.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When OPENAI_API_KEY is present, the script automatically condenses conversation content and sends it to an external OpenAI-compatible API, but there is no runtime warning or explicit consent step. Because chat exports may contain sensitive prompts, code, secrets, or personal data, users may unknowingly exfiltrate private content to a third-party service.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export OPENAI_API_KEY=sk-...
export OPENAI_BASE_URL=https://api.openai.com/v1  # optional, defaults to OpenAI
python3 scripts/extract.py --dir /path/to/exports --model gpt-4o-mini
```
Confidence
92% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export OPENAI_API_KEY=sk-...
export OPENAI_BASE_URL=https://api.openai.com/v1  # optional
python3 scripts/extract.py --dir /path/to/exports --model gpt-4o-mini
```
Confidence
92% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Environment Variables:**
- `OPENAI_API_KEY` — API key (required to enable this mode; if set, OpenAI mode is used instead of Ollama)
- `OPENAI_BASE_URL` — API base URL (default: `https://api.openai.com/v1`)

**Model auto-selection:**
- If `OPENAI_API_KEY` is set → defaults to `gpt-4o-mini`
Confidence
90% confidence
Finding
https://api.openai.com/

VirusTotal

63/63 vendors flagged this skill as clean.
